The oldest of these, CVE-2008-2320, was revealed last July, and can result in arbitrary code execution from viewing a web page abuses CSS color strings.

20 of the 46 vulnerabilities fixed are listed by Apple as leading potentially to arbitrary code execution. Other potential impacts include unexpected device reset, cross-site scripting, unauthorized information disclosure, a weakened password policy, and "[A]n application that causes an alert to appear may initiate a phone call without user interaction."

Check back with us in a few months or years, as the new features in iPhone OS 3.0 undoubtedly have new vulnerabilities of their own.